Start My Search


(Dziumell) #1

Could someone help me get rid of this virus? Thanks in advance.


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ in the version matching your system, 32-bit or 64-bit.

Run FRST and click Scan. Post the FRST and Addition reports.

Upload the reports to http://wklej.org/ and provide the link.


(Dziumell) #3

FRST

http://wklej.org/id/1551518/

 

ADDITION

http://wklej.org/id/1551520/


(Acorus) #4

Uninstall mystartsearch uninstall and WindowsMangerProtect20.0.0.1277. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Scan (Szukaj) and then Clean (Usuń).

Post the new FRST logs.


(Dziumell) #5

FRST

http://wklej.org/id/1551548/


(Acorus) #6

Open Notepad and paste:

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-520494661-861046921-2455250303-1000\...\Run: [ASRockOCTuner] = [X]
HKU\S-1-5-21-520494661-861046921-2455250303-1000\...\Run: [zASRockInstantBoot] = [X]
HKU\S-1-5-21-520494661-861046921-2455250303-1000\...\Run: [Facebook Update] = C:\Users\Fataliti\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-06] (Facebook Inc.)
HKU\S-1-5-21-520494661-861046921-2455250303-1000\...\MountPoints2: {75229f45-7ebc-11e4-8365-d050994448b8} - H:\setup.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Toolbar: HKU\S-1-5-21-520494661-861046921-2455250303-1000 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: No Name - C:\Users\Fataliti\AppData\Roaming\Mozilla\Firefox\Profiles\gil6a3w0.default\Extensions\trash [2014-12-08]
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpts=1418031732from=smtuid=WDCXWD15EVDS-63V9B1_WD-WMAVU406837468374"
CHR Extension: (DigiHelp) - C:\Users\Fataliti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahpfhbaoeaijdnlmahjepgphkcndopj [2014-12-06]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-08] ()
2014-12-08 11:45 - 2014-12-08 11:48 - 00000000 ____ D () C:\AdwCleaner
2014-12-08 11:10 - 2014-12-08 11:10 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-12-08 11:09 - 2014-12-08 11:09 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2014-12-08 11:03 - 2014-12-08 11:03 - 00003158 _____ () C:\Windows\System32\Tasks\{796E2E11-AC0C-487A-8C58-5AA923F49BB5}
2014-12-06 21:26 - 2014-12-08 00:32 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-520494661-861046921-2455250303-1000UA.job
2014-12-06 21:26 - 2014-12-07 21:32 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-520494661-861046921-2455250303-1000Core.job
2014-12-06 21:26 - 2014-12-06 21:27 - 00003922 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-520494661-861046921-2455250303-1000UA
2014-12-06 21:26 - 2014-12-06 21:27 - 00003554 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-520494661-861046921-2455250303-1000Core
2014-12-06 21:26 - 2014-12-06 21:26 - 00000000 ____ D () C:\Users\Fataliti\AppData\Local\Facebook
2014-12-04 21:45 - 2014-12-04 21:45 - 00003446 _____ () C:\Windows\System32\Tasks\{056CC96E-EA87-458B-B75E-22931B7DC99A}
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.